<?
//
// Nothing to touch after this, mostly
//
// Request-wide error state: stError() raises the flag and appends to the message list.
$errorMsg = "";
$errorSet = FALSE;
/**
 * Record an error for the current request.
 *
 * Raises the global $errorSet flag and appends $msg, wrapped in <li>...</li>,
 * to the global $errorMsg list. $msg is inserted as-is; no HTML escaping is
 * done here, so callers must escape any untrusted text before passing it in.
 */
function stError($msg)
{
    $GLOBALS["errorSet"] = TRUE;
    $GLOBALS["errorMsg"] .= sprintf("<li>%s</li>\n", $msg);
}
/**
 * Tell whether the current request arrived over HTTPS.
 *
 * Only $_SERVER["HTTPS"] is consulted: it must be set, non-empty and not "off".
 * NOTE(review): behind a TLS-terminating proxy this variable may not reflect
 * the client connection - confirm the deployment sets it.
 *
 * @return bool
 */
function stCheckHTTPS()
{
    if (!isset($_SERVER["HTTPS"]))
        return FALSE;

    $flag = $_SERVER["HTTPS"];
    return $flag != "" && $flag != "off";
}
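/**
 * Check whether the request carries a valid, unexpired admin session.
 *
 * Starts (or resumes) the PHP session, compares the password copy kept in
 * $_SESSION["admpass"] with the configured "admpass" setting, rejects
 * expired sessions and otherwise moves the expiry forward by "admtimeout"
 * seconds (default 5 minutes).
 *
 * NOTE(review): the session stores the admin password itself rather than a
 * "logged in" marker, so the session storage holds a copy of the secret.
 *
 * @return bool TRUE when the session is authenticated and still valid.
 */
function stAuthSession()
{
    if (@session_start() !== TRUE || !isset($_SESSION["admpass"]))
        return FALSE;

    // Fail closed when no admin password is configured, and compare as
    // strings: the previous loose "==" treated FALSE, "" and "0" as equal
    // and numeric-looking strings such as "0e1" / "0e2" as the same value.
    $expected = stGetSetting("admpass", FALSE);
    $stored = $_SESSION["admpass"];
    if (!is_scalar($expected) || $expected === FALSE || !is_scalar($stored))
        return FALSE;

    $expected = (string) $expected;
    $stored = (string) $stored;

    // Constant-time comparison where the runtime offers it (PHP >= 5.6).
    $same = function_exists("hash_equals")
        ? hash_equals($expected, $stored)
        : ($expected === $stored);
    if (!$same)
        return FALSE;

    // Check for session expiration
    if (!isset($_SESSION["expires"]) || $_SESSION["expires"] < time())
        return FALSE;

    // Add more time to expiration
    $_SESSION["expires"] = time() + stGetSetting("admtimeout", 5 * 60);
    return TRUE;
}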
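/**
 * Mark the current PHP session as an authenticated admin session.
 *
 * Stores the configured "admpass" value and an expiry timestamp
 * ("admtimeout" seconds from now, default 5 minutes) in $_SESSION.
 * The caller is expected to have verified the password already; nothing
 * is checked here.
 *
 * @return bool TRUE when the session could be started, FALSE otherwise.
 */
function stStartSession()
{
    if (@session_start() !== TRUE)
        return FALSE;

    // Issue a fresh session id at the privilege change so that an id known
    // before login (session fixation) does not become an admin session.
    session_regenerate_id(TRUE);

    $_SESSION["admpass"] = stGetSetting("admpass", FALSE);
    $_SESSION["expires"] = time() + stGetSetting("admtimeout", 5 * 60);
    return TRUE;
}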
/**
 * Log out: wipe the session data, expire the session cookie and destroy
 * the session.
 *
 * @return bool Result of stAuthSession() taken before teardown, i.e.
 *              whether an authenticated session existed.
 */
function stEndSession()
{
    $wasAuthed = stAuthSession();

    // Clear the in-memory session data first.
    $_SESSION = array();

    // Expire the session cookie using the same parameters it was set with.
    if (ini_get("session.use_cookies"))
    {
        $cp = session_get_cookie_params();
        $past = time() - 242000;
        setcookie(session_name(), "", $past,
            $cp["path"], $cp["domain"], $cp["secure"], $cp["httponly"]);
    }

    @session_destroy();
    return $wasAuthed;
}
/**
 * Look up a value in the global $siteSettings array.
 *
 * @param string $name    Setting key.
 * @param mixed  $default Returned when the key is absent or its value is NULL.
 * @return mixed
 */
function stGetSetting($name, $default)
{
    global $siteSettings;
    return isset($siteSettings[$name]) ? $siteSettings[$name] : $default;
}
/**
 * Tell whether a setting in the global $siteSettings array exists and is truthy.
 *
 * @param string $name Setting key.
 * @return bool
 */
function stChkSetting($name)
{
    global $siteSettings;
    // !empty() is exactly "isset and truthy".
    return !empty($siteSettings[$name]);
}
/**
 * Build an <a> element for an entry of the global $specURLs table.
 *
 * Each entry is read as array(0 => URL, 1 => link text). Both parts are
 * emitted without escaping.
 * NOTE(review): presumably $specURLs is static site configuration - verify
 * that no user-supplied value can end up in it.
 *
 * @param mixed $id Key into $specURLs.
 * @return string The link markup, or "" when the key is unknown.
 */
function stSpecURL($id)
{
    global $specURLs;
    if (!isset($specURLs[$id]))
        return "";

    $entry = $specURLs[$id];
    return "<a href=\"".$entry[0]."\">".$entry[1]."</a>";
}
/**
 * Output the link markup that stSpecURL() builds for $id.
 */
function stPrintSpecURL($id)
{
    $link = stSpecURL($id);
    echo $link;
}
/**
 * Entity-encode $str as UTF-8 (quotes left alone), then run a replacement
 * pass over angle brackets.
 *
 * NOTE(review): as displayed, the search and replace lists are identical,
 * so the str_replace() changes nothing. The listing was probably rendered
 * through HTML, which would have decoded entity forms of "<" and ">" in the
 * search list - TODO confirm against the repository. If that is the case,
 * this helper lets raw tags through again and must only ever receive
 * trusted markup.
 */
function dhentities($str)
{
    $encoded = htmlentities($str, ENT_NOQUOTES, "UTF-8");
    return str_replace(array("<",">"), array("<", ">"), $encoded);
}
/**
 * Entity-encode $str as UTF-8 for use as HTML element content.
 *
 * ENT_NOQUOTES leaves both " and ' untouched, so the result is not safe
 * inside a quoted attribute value.
 */
function chentities($str)
{
    $flags = ENT_NOQUOTES;
    $charset = "UTF-8";
    return htmlentities($str, $flags, $charset);
}
/**
 * Build a checkbox <input> followed by its <label>.
 *
 * The element id and name are both $prefix.$name.$id. Every argument is
 * inserted into the markup unescaped ($extra is raw attribute text and
 * $label raw label content), so all of them must come from trusted code.
 *
 * @return string
 */
function stGetFormCheckBoxInput($name, $id, $prefix, $checked, $label, $extra = "")
{
    $elemId = $prefix.$name.$id;
    $checkedAttr = $checked ? "checked=\"checked\" " : "";

    $input = "<input ".$extra." type=\"checkbox\" id=\"".$elemId."\" ".
        "name=\"".$elemId."\" ".$checkedAttr." />";
    $labelTag = "<label for=\"".$elemId."\">".$label."</label>";

    return $input.$labelTag;
}
/**
 * Build a button <input>, optionally with an onClick handler.
 *
 * The id is $prefix.$name.$id, the name is $name alone. $label goes into the
 * value attribute and $onclick into the onClick attribute without any
 * escaping, so both must be trusted, quote-free text.
 *
 * @return string
 */
function stGetFormButtonInput($name, $id, $prefix, $label, $onclick = "")
{
    $handler = "";
    if ($onclick != "")
        $handler = "onClick=\"".$onclick."\"";

    return "<input type=\"button\" id=\"".$prefix.$name.$id."\" ".
        "name=\"".$name."\" value=\"".$label."\" ".
        $handler." />";
}
/**
 * Build a <textarea> element.
 *
 * $value, when set, is entity-encoded with chentities() and used as the
 * element content. $rows, $cols, $name, $id, $prefix and $extra are written
 * into the tag unescaped and must come from trusted code.
 *
 * @return string
 */
function stGetFormTextArea($rows, $cols, $name, $id, $prefix, $value, $extra = "")
{
    $content = "";
    if (isset($value))
        $content = chentities($value);

    $openTag = "<textarea ".$extra." id=\"".$prefix.$name.$id."\" ".
        "name=\"".$name."\" rows=\"".$rows."\" cols=\"".$cols."\">";

    return $openTag.$content."</textarea>";
}
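/**
 * Build a text <input> element.
 *
 * $value, when set, becomes the value attribute. It is encoded with
 * ENT_QUOTES because it sits inside a double-quoted attribute: the
 * ENT_NOQUOTES encoding used for element content leaves '"' intact, which
 * would let a value close the attribute and add markup of its own.
 *
 * $size, $len, $name, $id, $prefix and $extra are written into the tag
 * unescaped and must come from trusted code.
 *
 * @return string
 */
function stGetFormTextInput($size, $len, $name, $id, $prefix, $value, $extra = "")
{
    $valueAttr = "";
    if (isset($value))
        $valueAttr = " value=\"".htmlentities($value, ENT_QUOTES, "UTF-8")."\"";

    return
        "<input ".$extra." type=\"text\" id=\"".$prefix.$name.$id."\" ".
        "name=\"".$name."\" size=\"".$size."\" maxlength=\"".$len."\"".
        $valueAttr.
        " />";
}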
/**
 * Build a password <input> element with no preset value.
 *
 * The id is $prefix.$name.$id, the name is $name alone; all three are
 * written into the tag unescaped and must come from trusted code.
 *
 * @return string
 */
function stGetFormPasswordInput($name, $id, $prefix)
{
    $elemId = $prefix.$name.$id;
    return "<input type=\"password\" id=\"".$elemId."\" name=\"".$name."\" />";
}
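/**
 * Build a hidden <input> element.
 *
 * $value is encoded with ENT_QUOTES because it sits inside a double-quoted
 * attribute; an encoding that leaves '"' intact would let the value close
 * the attribute. $name is written unescaped and must come from trusted code.
 *
 * @return string
 */
function stGetFormHiddenInput($name, $value)
{
    $encoded = htmlentities($value, ENT_QUOTES, "UTF-8");
    return "<input type=\"hidden\" name=\"".$name."\" value=\"".$encoded."\" />";
}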
/**
 * Build a table cell that shows $value either as an editable text input
 * ($edit truthy) or as entity-encoded plain text.
 *
 * The cell's class attribute is $name, written unescaped.
 *
 * @return string
 */
function stGetTDEditTextItem($edit, $size, $len, $name, $id, $prefix, $value, $extra = "")
{
    if ($edit)
        $inner = stGetFormTextInput($size, $len, $name, $id, $prefix, $value, $extra);
    else
        $inner = chentities($value);

    return "<td class=\"".$name."\">".$inner."</td>";
}
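/**
 * Output one form table row: heading, a text input pre-filled from the
 * request parameter $name, and a trailing description.
 *
 * $text1 and $text2 are entity-encoded as element content.
 *
 * NOTE(review): the request value is reflected into a value="..." attribute
 * by stGetFormTextInput(); that helper has to encode double quotes for the
 * reflection to be safe.
 */
function stPrintFormTextInput($text1, $text2, $size, $len, $name, $extra="")
{
    // Read the parameter only when it is present and scalar: a missing key
    // raised an undefined-index notice, and an array value (name[]=...)
    // cannot be entity-encoded.
    $value = (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name]))
        ? $_REQUEST[$name]
        : NULL;

    echo " <tr><th>".chentities($text1)."</th><td>".
        stGetFormTextInput($size, $len, $name, "", "", $value, $extra).
        "</td><td>".chentities($text2)."</td></tr>\n";
}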
/**
 * Output a hidden <input> built by stGetFormHiddenInput(), preceded by a
 * space and followed by a newline.
 */
function stPrintFormHiddenInput($name, $value)
{
    $field = stGetFormHiddenInput($name, $value);
    echo " ".$field."\n";
}
/**
 * Output one attendee as a table row.
 *
 * Name, groups and registration time are always read-only; the oneliner is
 * editable when $edit is truthy, in which case an e-mail field and
 * Update/Delete buttons are added as well.
 *
 * $item["id"] is written unescaped into the row id, the button ids and the
 * onclick handlers, and $eclass unescaped into the class attribute.
 * NOTE(review): presumably the id is an integer database key - verify, since
 * it ends up inside inline JavaScript.
 *
 * @param array $item   Row with keys id, name, groups, regtime, oneliner, email.
 * @param int   $row    Row counter, used for odd/even striping.
 * @param mixed $edit   Truthy to render the editable variant.
 * @param string $eclass Extra text appended to the row's class attribute.
 */
function stPrintAttendee($item, $row, $edit, $eclass = "")
{
    $id = $item["id"];
    $prefix = "at";
    $stripe = ($row % 2 == 1 ? "rodd" : "reven");

    $html = " ".
        "<tr class=\"".$stripe.$eclass."\" id=\"attendee".$id."\">";
    $html .= stGetTDEditTextItem(FALSE, 20, 40, "name", $id, $prefix, $item["name"]);
    $html .= stGetTDEditTextItem(FALSE, 20, 40, "groups", $id, $prefix, $item["groups"]);
    $html .= "<td class=\"regtime\">".date("d M Y / H:i", $item["regtime"])."</td>";
    $html .= stGetTDEditTextItem($edit, 30, 64, "oneliner", $id, $prefix, $item["oneliner"], "autocomplete=\"off\"");

    if ($edit)
    {
        $html .= stGetTDEditTextItem($edit, 20, 40, "email", $id, $prefix, $item["email"], "autocomplete=\"off\"");
        $html .= "<td>".
            "<button class=\"button\" id=\"atupd".$id."\" type=\"button\" onclick=\"updateAttendee(".$id.")\">Update</button>".
            "<button class=\"button\" id=\"atdel".$id."\" type=\"button\" onclick=\"deleteAttendee(".$id.")\">Delete</button>".
            "</td>";
    }

    $html .= "</tr>\n";
    echo $html;
}
/**
 * Output one news item as a <div class="newsitem"> block.
 *
 * Title and author go through chentities(); the body text goes through
 * dhentities(). $item["id"] and $edit are written unescaped - $edit is
 * raw markup supplied by the caller and appended after the timestamp.
 *
 * @param array  $item Row with keys id, title, text, author, utime.
 * @param string $edit Extra markup appended inside the signature div.
 */
function stPrintNewsItem($item, $edit = "")
{
    $stamp = date("d M Y / H:i", $item["utime"]);

    $parts = array(
        "<div class=\"newsitem\" id=\"news".$item["id"]."\">\n",
        " <h2>".chentities($item["title"])."</h2>\n",
        " <div class=\"text\">".dhentities($item["text"])."</div>\n",
        " <div class=\"sig\">-- ".chentities($item["author"])."<br />",
        $stamp,
        $edit."</div>\n",
        "</div>\n",
    );

    echo implode("", $parts);
}
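/**
 * Tell whether request parameter $name is missing or blank.
 *
 * Note the polarity: TRUE means the item is NOT usable. An array value
 * (name[]=...) is reported as missing as well, because trim() cannot
 * process it.
 *
 * @param string $name Key into $_REQUEST.
 * @return bool TRUE when absent, an array, or empty after trimming.
 */
function stChkDataItem($name)
{
    if (!isset($_REQUEST[$name]) || is_array($_REQUEST[$name]))
        return TRUE;

    return strlen(trim($_REQUEST[$name])) < 1;
}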
/**
 * Tell whether request parameter $name is present (set and not NULL).
 *
 * @param string $name Key into $_REQUEST.
 * @return bool
 */
function stChkRequestItem($name)
{
    if (isset($_REQUEST[$name]))
        return TRUE;

    return FALSE;
}
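/**
 * Fetch request parameter $name, trimmed of surrounding whitespace.
 *
 * The value is returned otherwise unmodified; any escaping for SQL or HTML
 * is the caller's job. An array value (name[]=...) is treated like a missing
 * one, because trim() cannot process it.
 *
 * @param string $name    Key into $_REQUEST.
 * @param mixed  $default Returned when the parameter is absent or an array.
 * @return mixed
 */
function stGetRequestItem($name, $default = "")
{
    if (!isset($_REQUEST[$name]) || is_array($_REQUEST[$name]))
        return $default;

    return trim($_REQUEST[$name]);
}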
/**
 * Fetch request parameter $name via stGetRequestItem(), URL-decode it and
 * trim the result.
 *
 * NOTE(review): PHP has already URL-decoded the values in $_REQUEST, so this
 * is a second decoding pass. Presumably the client encodes these fields
 * twice - confirm; otherwise any check applied to the once-decoded value can
 * be sidestepped with doubly encoded input, and literal "%" / "+" are
 * altered.
 *
 * @param string $name    Key into $_REQUEST.
 * @param string $default Used when the parameter is absent (also decoded).
 * @return string
 */
function stGetDRequestItem($name, $default = "")
{
    $raw = stGetRequestItem($name, $default);
    $decoded = urldecode($raw);
    return trim($decoded);
}
/**
 * Write the last error of the global $db connection, together with the
 * failing statement, to the PHP error log.
 *
 * NOTE(review): the complete statement is logged, including any request
 * values that were interpolated into it - check who can read the log.
 *
 * @param string $sql The statement that failed.
 */
function stLogSQLError($sql)
{
    global $db;
    $details = implode("; ", $db->errorInfo());
    error_log("SQL error ".$details." in statement \"".$sql."\"");
}
/**
 * Open the SQLite database named by the "dbfilename" setting and keep the
 * PDO handle in the global $db.
 *
 * Connection failures are written to the error log, not shown to the user.
 * NOTE(review): when "dbfilename" is not configured the DSN is just
 * "sqlite:" - confirm that PDO's behaviour for that case is acceptable.
 *
 * @return bool TRUE on success, FALSE when PDO threw.
 */
function stConnectSQLDB()
{
    global $db;
    $dsn = "sqlite:".stGetSetting("dbfilename", FALSE);

    try {
        $db = new PDO($dsn);
        return TRUE;
    }
    catch (PDOException $e) {
        error_log("Could not connect to SQL database: ".$e->getMessage().".");
        return FALSE;
    }
}
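/**
 * Turn one value into a literal that can be spliced into an SQL string.
 *
 * Type characters:
 *   "d"  $value itself, forced to an integer
 *   "s"  $value itself, quoted with PDO::quote()
 *   "D"  request parameter named $value, forced to an integer
 *   "S"  request parameter named $value (URL-decoded), quoted
 *   "Q"  as "S", with stripslashes() applied before quoting
 *        (presumably for magic-quotes style input - TODO confirm)
 *   "B"  request parameter named $value, as 1 or 0
 *
 * This is string building around PDO::quote(), not a prepared statement;
 * the safety of every query depends on each value passing through here.
 *
 * @param string $type  One of the characters above.
 * @param mixed  $value Literal value, or request parameter name.
 * @return mixed The SQL literal; NULL for an unknown type (logged).
 */
function stGetSQLParam($type, $value)
{
    global $db;
    switch ($type)
    {
        case "d":
            return intval($value);

        case "s":
            return $db->quote($value);

        case "D":
            return intval(stGetRequestItem($value));

        case "S":
            return $db->quote(stGetDRequestItem($value));

        case "Q":
            return $db->quote(stripslashes(stGetDRequestItem($value)));

        case "B":
            return intval(stGetRequestItem($value)) ? 1 : 0;

        default:
            // Previously an unknown type fell off the end without a trace,
            // leaving a hole in the generated statement. The return value is
            // unchanged (NULL), but the mistake is now visible in the log.
            error_log("Invalid stGetSQLParam() type '".$type."'");
            return NULL;
    }
}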
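/**
 * Build an SQL string from a format string and parameters.
 *
 * Call as stPrepareSQL($fmt, $arg1, $arg2, ...). Every "%" in $fmt must be
 * followed by a type character understood by stGetSQLParam() and consumes
 * the next argument. There is no escape for a literal "%", so the format
 * string itself cannot contain one (e.g. in a LIKE pattern). Everything
 * else in $fmt is copied verbatim, so $fmt must be a constant written by
 * the developer, never request data.
 *
 * @return string|false The statement, or FALSE (logged) when $fmt is
 *                      missing, has too few arguments, or ends in "%".
 */
function stPrepareSQL()
{
    $argv = func_get_args();
    $argc = count($argv);
    if ($argc < 1)
    {
        error_log("Invalid stPrepareSQL() call, no arguments!");
        return FALSE;
    }

    $fmt = $argv[0];
    $len = strlen($fmt);
    $sql = "";
    $argn = 1;

    for ($pos = 0; $pos < $len; $pos++)
    {
        if ($fmt[$pos] != "%")
        {
            $sql .= $fmt[$pos];
            continue;
        }

        if ($argn >= $argc)
        {
            error_log("Invalid SQL statement format string '".$fmt.
                "', not enough parameters specified (".$argn." of ".$argc.")");
            return FALSE;
        }

        // A "%" as the very last character has no type character after it;
        // reading one used to index past the end of the string.
        if ($pos + 1 >= $len)
        {
            error_log("Invalid SQL statement format string '".$fmt.
                "', '%' at end of string without a type character");
            return FALSE;
        }

        $sql .= stGetSQLParam($fmt[++$pos], $argv[$argn++]);
    }

    return $sql;
}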
/**
 * Build an UPDATE statement whose values come from request parameters.
 *
 * Each key of $pairs is used twice: as the column name and as the value
 * argument handed to stGetSQLParam(); the array value is the type character.
 *
 * $table, $cond and the column names are copied into the statement
 * verbatim, so they must be constants written by the developer.
 *
 * @param string $table Table name.
 * @param string $cond  Complete trailing clause (e.g. a WHERE clause), or "".
 * @param array  $pairs column/parameter name => stGetSQLParam() type.
 * @return string
 */
function stPrepareSQLUpdate($table, $cond, $pairs)
{
    $assignments = array();
    foreach (array_keys($pairs) as $column)
        $assignments[] = $column."=".stGetSQLParam($pairs[$column], $column);

    $stmt = "UPDATE ".$table." SET ".implode(",", $assignments);
    if ($cond != "")
        $stmt .= " ".$cond;

    return $stmt;
}
/**
 * Run a statement on the global $db connection.
 *
 * On failure the details go to the error log via stLogSQLError() and only a
 * generic message is queued for the user via stError().
 *
 * @param string $sql Complete SQL statement.
 * @return mixed The result of $db->query(), or FALSE on failure.
 */
function stExecSQL($sql)
{
    global $db;

    $res = $db->query($sql);
    if ($res === FALSE)
    {
        stLogSQLError($sql);
        stError("Oh noes! SQL error #23!");
        return FALSE;
    }

    return $res;
}
/**
 * Run a statement on the global $db connection and fetch its first row.
 *
 * On failure the details go to the error log via stLogSQLError() and only a
 * generic message is queued for the user via stError().
 *
 * @param string $sql Complete SQL statement.
 * @return mixed Result of fetch() on the query result, or FALSE when the
 *               query failed.
 */
function stFetchSQL($sql)
{
    global $db;

    $res = $db->query($sql);
    if ($res === FALSE)
    {
        stLogSQLError($sql);
        stError("Oh noes! SQL error #31!");
        return FALSE;
    }

    return $res->fetch();
}
/**
 * Run a statement on the global $db connection and fetch one column of its
 * first row.
 *
 * On failure the details go to the error log via stLogSQLError() and only a
 * generic message is queued for the user via stError().
 *
 * @param string $sql    Complete SQL statement.
 * @param int    $column Column index passed to fetchColumn().
 * @return mixed Result of fetchColumn(), or FALSE when the query failed.
 */
function stFetchSQLColumn($sql, $column = 0)
{
    global $db;

    $res = $db->query($sql);
    if ($res === FALSE)
    {
        stLogSQLError($sql);
        stError("Oh noes! SQL error #81!");
        return FALSE;
    }

    return $res->fetchColumn($column);
}
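/**
 * Load competitions and their entries into the global $compos array.
 *
 * Result shape: $compos[compo id] = array("name" => ..., "entries" =>
 * array(entry id => entry row)).
 *
 * @param mixed $all Truthy to include every competition; otherwise only
 *                   rows with enabled<>0 are loaded.
 */
function stGetCompoList($all)
{
    global $compos;

    // Get entries and competitions into an array structure
    $sql = "SELECT * FROM compos ".($all ? "" :"WHERE enabled<>0 ")."ORDER BY name DESC";
    $compoRows = stExecSQL($sql);

    // stExecSQL() has already logged and reported the failure; FALSE is
    // not iterable, so stop here instead of handing it to foreach.
    if ($compoRows === FALSE)
        return;

    foreach ($compoRows as $compo)
    {
        $id = $compo["id"];

        $compos[$id] = array(
            "name" => $compo["name"],
            "entries" => array()
        );

        $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $id);
        $entryRows = ($sql !== FALSE) ? stExecSQL($sql) : FALSE;

        // Keep the competition with an empty entry list if its query failed.
        if ($entryRows === FALSE)
            continue;

        foreach ($entryRows as $entry)
        {
            $compos[$id]["entries"][$entry["id"]] = $entry;
        }
    }
}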
/**
 * Switch the block element that is currently open in $str.
 *
 * When $newMode differs from $mode, the open element (if any) is closed,
 * $mode is updated and the new element (if any) is opened. "" stands for
 * "no element open".
 *
 * @param string $str     Output buffer, appended to in place.
 * @param string $mode    Tag name of the open element, updated in place.
 * @param string $newMode Tag name wanted from here on.
 */
function stConvSwitchMode(&$str, &$mode, $newMode)
{
    if ($newMode == $mode)
        return;

    $closing = ($mode != "") ? "\n</".$mode.">\n" : "";
    $str .= $closing;

    $mode = $newMode;

    $opening = ($mode != "") ? "<".$mode.">\n" : "";
    $str .= $opening;
}
/**
 * Convert a plain-text competition description into HTML.
 *
 * Works line by line: a line whose first non-blank character is "*" becomes
 * an <li> inside <ol>, one starting with "-" an <li> inside <ul>, and every
 * other line is appended as-is inside <p>. Consecutive lines of the same
 * kind share one element.
 *
 * The line text is copied into the output without HTML escaping.
 * NOTE(review): presumably descriptions are written by administrators -
 * verify; otherwise escape before conversion.
 *
 * @param string $desc Description text with "\n" line breaks.
 * @return string HTML fragment.
 */
function stConvertCompoDesc($desc)
{
    global $stDescConversion;
    $str = "";
    $mode = "";

    foreach (explode("\n", $desc) as $line)
    {
        if (preg_match("/^\s*\s*\*(.+)$/", $line, $m))
        {
            $tag = "ol";
            $chunk = "<li>".$m[1]."</li>\n";
        }
        elseif (preg_match("/^\s*-\s*(.+)$/", $line, $m))
        {
            $tag = "ul";
            $chunk = "<li>".$m[1]."</li>\n";
        }
        else
        {
            $tag = "p";
            $chunk = $line;
        }

        stConvSwitchMode($str, $mode, $tag);
        $str .= $chunk;
    }

    // Close whatever element is still open.
    stConvSwitchMode($str, $mode, "");

    return $str;
}
?>